Tagged Questions

1. In computers and computer networks, a configuration often refers to the specific hardware and software details in terms of devices attached, capacity or capability, and exactly what the system is made up of.
2. In networks, a configuration often means the network topology.
3. In installing ...

Assuming that a license can be a key (XXXX-XXXX-XXXX-XXXX), a file (license.xml or whatever), or a login for a dashboard on the vendor website, what would be a standard way to store and secure those ...

I'm building a web service (a control panel for clients) (PHP on Linux Apache) and trying from the design to make it as secure as I can.
Can anyone provide me with some kind of a check-list of ...

I read the following post, and while the question was specific to Skyrim, the more general answer was that it depends on the game. I wanted to pose a more generic question here to the security folks.
...

Considering a site that handles large POST data, would it be unreasonable and dangerous to set the php.ini max_input_vars to something like 100000?
I know this is a vector for DoS attacks, but don't ...

I would like to configure a local honeypot on Windows XP, which is installed on VMware. To do so I am following the instructions on this link, but as I am new I don't know how I can configure routing infrastructure ...

I have configured 3 VMs: an OSSEC server and two agents on CentOS 6 and Windows 2k8 R2. I have completed the setup, and FIM and Log Management work smoothly. It also reports the new files. However, it ...

I'm researching OS hardening and it seems there are a variety of recommended configuration guides. I realize the different configuration providers supply different offerings per Operating System, but ...

In a context of proprietary client boxes and servers, I want to limit authentication to ECDSA keys. Historically, "RSAAuthentication yes" was used to enable authentication with RSA and maybe DSA keys. ...

Does encrypting a value in the web.config file actually provide any real protection? It seems to me that any web app can read that setting. Yes that's more work than just reading the web.config file, ...

If a WordPress application that uses the Akismet WordPress plugin has certain directory listings exposed publicly, like akismet-en_AU.po and the other .po files, and directories like plugins, themes, ...

So I'm running a private subnet where there is no internet connectivity. I understand the grave danger of running an ssh server on the internet without security.
In short I would like to be able to ...

We have many scripts that we call "secure baselines" that allow our server/desktop installation people to install operating systems using best security practice. We test that the baselines have been ...

We will be getting some data that needs to be kept in accordance with USGCB regulations. Our intent was to keep it secure by storing and using it on a non-networked computer, but the regulations seem ...

BREACH, a new attack on SSL that targets HTTP compression, has recently been publicly announced.
I manage a few web servers. How can I audit them to check which of them are potentially vulnerable to ...

Consider an election web site that will be used for voting over the Internet.
What steps should the administrator of such a web site take to provide adequate security against man-in-the-middle attacks ...

I need to be able to watch directories on our servers, and track changes to files as part of our audit compliance. I have adjusted auditd to watch the directories, and send all writes and attribute ...

We are considering a certification process for new internal server builds before they are allowed to be placed into production. That is, the system administration team will send the server up to the ...

How can I disable DSA and ECDSA authentication on my server with OpenSSH 5.9? Sifting through the documentation material and doing a web search didn't yield any results - only an old bug report for ...

If a Linux user needs to use his bank account from the Internet, then what technologies and procedures should he use?
Is it better to use the Guest Account (if it exists) of the OS, or an Administrator Account?
What ...

Until now I've always been blindly setting TCP Forwarding in ssh to no, but searching on the net, I have trouble finding out what the actual security threat is when allowing it.
The one thing I did ...

I thought that I should publicize all my programming on a web page so someone will hire me as a programmer.
I got tempted to include not only programs but my .emacs, .bashrc, and .Xresources files. ...

When hosting a site on a cluster (or cloud configuration) we need to specify a Machine Key in the web.config file. This is needed to keep the machines in sync (often the first encounter with this is ...

When setting up a server, what configuration changes do I need to make sure that all of the software uses /dev/urandom instead of /dev/random?
Some servers don't have much entropy in the entropy pool ...

A vendor is asking me to change the PSLanguageMode from within IIS on my Exchange server(s).
What potential vulnerabilities am I opening myself up to?
I'm surprised to see this option present within ...